Help

Add MFA to JAMF Admin sign in process?

VintageMacGuy
Contributor II

Posted on ‎09-14-2021 01:31 PM

I am looking for a way to get MFA added to the sign in for JAMF's web interface for JAMF Admins. Just the company.jamf.com site - not the Macs we manage. And not for any Mac users - just admins signing in to the site.

 

JAMF Connect may do this - but here is the catch. For compliance reasons we will not connect JAMF Admin accounts into any directory service like AD or AAD. They need to be stand alone, local, JAMF accounts. No LDAP.

Ideally an extra column would be added to the JAMF Users list to hold a cell phone number, which would be used to send a random PIN, which is then asked for upon sign in. That would meet our MFA requirements. That's all we need.

I don't think anything like this currently exists. Is there another way to get there that is not involving buying a few hundred seat license of JAMF Connect to get one feature for a handful of admins to get MFA added, plus setting up and maintaining a whole other directory service for a few admin users?

Reply
8 REPLIES 8

junjishimazaki
Valued Contributor

Posted on ‎09-14-2021 01:45 PM

@VintageMacGuy Jamf Connect functionality is to sync/create user accounts/password on the Mac not authenticating to the Jamf Pro web server. But, as you found out Jamf does not have a built-in function to enable MFA unless you first authenticate through an IDP/SSO. 

0 Kudos
Reply

Tribruin
Valued Contributor II

Posted on ‎09-14-2021 02:15 PM

I am pretty sure there is an FR for MFA for local Jamf Pro accounts, not tied to a Cloud IdP. But, I think Jamf' stance is that it is available by integrating Okta or Azure, so a local option is not necessary. 

0 Kudos
Reply

VintageMacGuy
Contributor II
In response to Tribruin

Posted on ‎09-14-2021 02:34 PM

Seems like we are slipping through the cracks on this one.

 

0 Kudos
Reply

mickl089
Contributor III

Posted on ‎10-05-2021 06:33 AM

I need also this function.... no chance to get MFA for the admin login?

Reply

Mbantz
New Contributor
In response to mickl089

Posted on ‎04-08-2022 01:46 AM

I also need this function too. Creating an interface to Google authenticator og Microsoft authenticator would be much appreciated

Reply

mickl089
Contributor III
In response to Mbantz

Posted on ‎05-05-2022 07:41 AM

there is a function for this, but a little bit tricky to install / Setup:

https://yourcompany.jamfcloud.com/view/settings/system/sso

Just try it, we got this working with azure connectivity!

0 Kudos
Reply

Mbantz
New Contributor
In response to mickl089

Posted on ‎05-18-2022 02:52 AM

We do not have an Azure AD, please advise how to set up MFA without Azure.

I still recommend Jamf to implement the simple MFA setup as all other sites do,

hope it will be implemented soon.

0 Kudos
Reply

Tribruin
Valued Contributor II
In response to Mbantz

Posted on ‎05-20-2022 08:57 AM

I don't see Jamf adding basic MFA anytime soon. Whenever this question has come up, they point back to their SSO options with Azure, Okta, Ping, Google, etc. That covers a vast majority of the Identity providers and eliminates the need for creating a separate MFA process. 

 

Do you use ANY identity provider for other internal resources. Since MFA is a concern, I would suspect you have an IdP. 

Reply